System and method for detecting and integrating with native applications enabled for web-based storage

ABSTRACT

A cloud storage system provides remote access to a file associated with the cloud storage system. In response to a request to access the file, the cloud storage system identifies applications available to the request generator and capable of accessing the file, which may include both online web-based applications and applications installed on a device with which the user is accessing the file. The cloud storage system determines an application type of an identified application, and provides file access to the identified application based on the application type.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of co-pending U.S. patent applicationSer. No. 15/069,397, filed Mar. 14, 2016, entitled, “System and Methodfor Detecting and Integrating with Native Applications Enabled forWeb-Based Storage,” which is a continuation of U.S. patent applicationSer. No. 13/787,187, filed on Mar. 6, 2013, entitled “System and Methodfor Detecting and Integrating with Native Applications Enabled forWeb-Based Storage,” now U.S. Pat. No. 9,317,709, which claims benefitunder 35 U.S.C. § 119(e) of U.S. Provisional Application No. 61/664,651,filed Jun. 26, 2012, which is incorporated herein by reference in itsentirety, and of U.S. Provisional Application No. 61/664,627, filed onJun. 26, 2012. All of the aforementioned applications are incorporatedherein by reference in their entirety.

BACKGROUND

Personal computers traditionally store files locally, on a mediumdirectly accessed by the computer generating or editing the files. Asnetwork access has become more widespread, it has become feasible tostore files on a remote network. Storing files on a remote network, alsoreferred to as cloud storage, allows a user to access the files usingany device that can access the network. Such cloud storage systemsreduce the user's need for local storage capacity and assure the userthat, regardless of which device is accessing a file, an up-to-date copyof the file is being accessed.

Existing cloud storage systems either copy a file to a user device to beaccessed locally or provide a file to an online web-based applicationthat may be run through a web browser on the user device. Copying thefile to the user device for local access requires the user device todevote extra resources of the user device to the file. Providing thefile to an online web-based application requires the user to access thefile using a program that may not be optimized for the user's device.Neither technique is adaptable to performance demands that may varyacross time, users or user devices.

SUMMARY

Thus there exists a need in the art to identify applications availableto a cloud storage system's user and provide file access to auser-selected application according to the application type. The systemsand methods described herein allow a cloud storage system to identifyapplications which are both available to a user and capable of accessinga file. The systems and methods described herein further allow a cloudstorage system to identify the capabilities of a user-selectedapplication and to provide contents of the file being accessed to theuser-selected application based on the identified capabilities.

In certain aspects, the systems and methods described herein relate toproviding access to a file associated with a cloud storage system. Thecloud storage server receives a request to access the file. To fulfillthe request, the cloud storage server identifies a request generator.The request generator may be a user associated with the file, a user whogenerated the request, a device which transmitted the request, or somecombination thereof. The cloud storage server may further identify afile type of the file and an application capable of accessing the filetype. The cloud storage server may determine whether the identifiedapplication is available to the request generator. The applicationsavailable to the request generator may include applications installed ona device associated with the request generator or online web-basedapplications that the request generator is authorized to access. If anapplication capable of accessing the file type is determined to beavailable to the request generator, the cloud storage server maydetermine an application type of the available application. Theapplication type may indicate whether the available application iscapable of accessing the file through the cloud storage system. If theavailable application can access the file through the cloud storagesystem, the cloud storage server may provide file access information tothe available application.

If no identified application is available to the request generator, thecloud storage server may provide the request generator with an option togain access to an identified application. The cloud storage system mayrespond to a user selection of such an option by installing theapplication on a device associated with the request generator. The cloudstorage server may also identify whether an application is installed ona user device or whether an application is an online web-basedapplication, and may copy contents of the file to the user device or toa server hosting the online web-based application accordingly.

BRIEF DESCRIPTION OF THE DRAWINGS

The systems and methods described herein are set forth in the appendedclaims. However, for the purpose of explanation, several embodiments areset forth in the following drawings.

FIG. 1 is a block diagram of a cloud storage system, according to anillustrative implementation;

FIG. 2 is a block diagram of a cloud storage engine, according to anillustrative implementation;

FIG. 3 depicts an exemplary screenshot of a user interface forpresenting a user with a list of applications available to a personalcomputer to access a file on the cloud storage system of FIG. 1,according to an illustrative implementation;

FIG. 4 depicts an exemplary screenshot of a user interface forpresenting a user with a list of applications available to a mobilecomputing device to access a file on the cloud storage system of FIG. 1,according to an illustrative implementation;

FIG. 5 is a flow chart of a process for identifying an application toaccess a file stored on the cloud storage system, according to anillustrative implementation;

FIG. 6 is a flow chart of a process for accessing a file stored on thecloud storage system, according to an illustrative implementation; and

FIG. 7 is a flow chart of a process for verifying the identity of a userof the cloud storage system, according to an illustrativeimplementation; and

FIG. 8 is a block diagram of a computing device for performing any ofthe processes described herein, according to an illustrativeimplementation.

DETAILED DESCRIPTION

In the following description, numerous details are set forth for thepurpose of explanation. However, one of ordinary skill in the art willrealize that the implementations described herein may be practicedwithout the use of these specific details and that the implementationsdescribed herein may be modified, supplemented, or otherwise alteredwithout departing from the scope of the systems and methods describedherein.

The systems and methods described herein relate to providing access to afile stored on a cloud storage system. In response to a request toaccess the file, the cloud storage system may identify a requestgenerator, a file type of the file and applications capable of accessingthe file type. The cloud storage system may determine which identifiedapplications are available to the request generator. Availableapplications may include applications installed on a device associatedwith the request generator and online web-based applications that therequest generator is authorized to access. If an identified applicationis available, the request generator may be provided with a choice ofavailable applications with which to access the file. If no identifiedapplication is available to the request generator, the cloud storagesystem may provide an option of gaining access to an identifiedapplication. In some implementations, the cloud storage system mayinstall the identified application on a device associated with therequest generator in response to receiving a selection of the option togain access. In response to an application being found or madeavailable, the cloud storage system may further identify the applicationtype of an available application, which may indicate whether theavailable application may access the file through the cloud storagesystem. Applications capable of accessing the file through the cloudstorage system may be provided with file access information.Applications incapable of accessing the file through the cloud storagesystem may be provided with contents of the file.

FIG. 1 is an illustrative block diagram of a cloud storage system 100,which provides remote storage of and access to computer files. Computerfiles may include text, pictures, audio files, video files, presentationfiles, spreadsheets, binary data files, computer instructions, HyperTextMarkup Language (HTML) files, or other suitable files. Files are storedon cloud storage device 102, which may include a server, a personalcomputer, a mainframe, a cluster of computing devices, or some othersuitable computing device, and is described in more detail in relationto FIG. 2. Files may be uploaded to or accessed from cloud storagedevice 102 via network 104. Network 104 is a computer network, and incertain implementations may be the Internet. A user accesses files oncloud storage device 102 through user device 106. The user may interactwith cloud storage device 102 through user interface (UI) 108, which maybe generated by user device 106 based on instructions sent by cloudstorage device 102.

User device 106 is a computing device used to access cloud storagedevice 102, and may be a personal laptop computer, a personal desktopcomputer, a tablet computer, a smartphone, or some other suitablecomputing device. User device 106 may include installed applications,which in certain implementations may be capable of accessing or alteringfiles stored on cloud storage device 102. In certain implementations,user device 106 may store information regarding the data processingcapacity of user device 106, a list of installed applications, a list offile types accessible by each installed application, the capability ofeach installed application to access a file stored on cloud storagedevice 102 without downloading a copy of the file, or other suitableinformation regarding the capability of user device 106 to access filesstored on cloud storage device 102. In such implementations, user device106 may be configured to transmit a portion or the whole of suchinformation upon first connecting to cloud storage device 102, inresponse to a query by cloud storage device 102, or under other suitablecircumstances.

UI 108 is an interface through which a user may access files andapplications associated with cloud storage device 102. UI 108 may be anapplication, such as a web browser or other suitable application, whichis run by user device 106 and which displays information received fromcloud storage device 102. UI 108 may generate and send commands to cloudstorage device 102 in response to a predetermined action by a user,which may include selecting an icon with a cursor or on a touchscreen,selecting a menu option with a cursor or on a touchscreen, writing atext command, or other suitable action. Commands may include requests toaccess a file with a default application, requests to retrieve a list ofapplications capable of accessing a file and available to the user,requests to access a file with a selected application, and othersuitable commands. In certain implementations, different userinteractions with UI 108 may generate different commands.

As an illustrative example of such an implementation on a user device106 with a touchscreen, UI 108 may detect a user tapping an area of thetouchscreen associated with a file. If the user stops pressing the areawithin a predetermined amount of time, UI 108 may generate a request toaccess the file using a predetermined default application. If the userpresses the area for a period lasting longer than the predeterminedamount of time, UI 108 may request a list of available applicationscapable of opening the file from cloud storage device 102 and providethe list to the user. In response to the user selecting an applicationfrom the list, UI 108 may request cloud storage device 102 provide fileaccess to the user-selected application.

Cloud storage system 100 stores computer files and allows a user toaccess the files with a remote user device 106. User device 106 connectsto cloud storage device 102 through network 104. UI 108 displaysinformation provided by cloud storage device 102, such as a list offiles associated with the user. A user may interact with UI 108 torequest access to a file, such as by selecting icons with a cursor. Inresponse to receiving a file access request, cloud storage device 102may identify a user selection of an application with which to access thefile based on the user's interactions with UI 108, and may provide fileaccess to the user-selected application.

FIG. 2 is an illustrative block diagram of a cloud storage engine 200,which may act as the cloud storage device 102 of FIG. 1. Cloud storageengine 200 allows user device 106 to access files over network 104.Cloud storage engine 200 transmits and receives data throughcommunication port 202. Communication processor 204 identifies userinstructions received through communication port 202 and transmitsinformation to the user device 106 based on the received instructions.Files are stored in file database 206, user information is stored inuser database 208, and information regarding applications may be storedin application database 210. In certain implementations, applicationdatabase 210 may also store applications. Authentication processor 212may verify the identity of a user or whether a user-selected applicationis authorized to access a file associated with cloud storage engine 200.

The depicted communication port 202 is a network port which receivesuser commands via network 104 and transmits information and filecontents sent by cloud storage engine 200. Communication port 202 mayinclude a 100BASE-TX port, a 1000BASE-T port, a 10GBASE-T port, a Wi-Fiantenna, a cellular antenna, or other suitable network ports. In certainimplementations, there may be a different number of ports than aredepicted. In certain implementations, communication port 202 may providesecure communications, such as by using the Secure Sockets Layer (SSL)protocol, the Transport Layer Security (TLS) protocol, or other suitableprotocol.

Communication processor 204 may be a computer processor which identifiesinstructions received through communication port 202 and transmitsinformation to a user device 106 in response. Upon a user connecting tocloud storage engine 200, communication processor 204 may identify theuser, in certain implementations by comparing login information providedby the user to information stored in user database 208. Communicationprocessor 204 may further identify the user device 106 from packetheaders identifying the source of data received from the user, byquerying the user device 106, from information provided by the userdevice 106 at login, or through some other suitable method ofidentifying the user device. In response to a user command to access afile, communication processor 204 may identify the file type of the filefrom a file extension, from a Multipurpose Internet Mail Extension(MIME) type associated with the file, file metadata, or from some othersuitable identifying information associated with the file. Communicationprocessor 204 may identify a list of available applications capable ofaccessing the identified file type by some combination of querying userdevice 106 for a list of installed applications capable of accessing theidentified file type, by identifying cloud storage applicationsassociated with the user and capable of accessing the identified filetype, or by some other suitable method. In some implementations, if noapplication capable of accessing the identified file type is available,communication processor 204 may provide a user with an option to gainaccess to one or more applications capable of accessing the identifiedfile type. Such an option may be provided by instructing UI 108 todisplay a message with a link to gain access to an application. In somesuch implementations, communication processor 204 may install anapplication on a user device 106 in response to a user accepting anoption to gain access to an application. Communication processor 204 mayprovide the list to user device 106 and allow the user to select anapplication from the list to access the file. In certainimplementations, a user command to access a file may designate anapplication to access the file, such as by indicating that the file isto be accessed with a predetermined default application. In suchimplementations, communication processor 204 may not identify ortransmit a list of other available applications. Once a user-selectedapplication has been identified, communication processor 204 providesfile access to the application.

To provide file access to an application, communication processor 204identifies an application type of the application. Application types mayinclude applications installed on user device 106, referred to herein as“native applications,” and may identify whether an application isconfigured to access cloud storage engine 200, referred to herein asbeing “cloud-capable.” Applications not installed on user device 106 mayinclude online web-based applications provided through cloud storageengine 200, referred to herein as “first-party cloud applications,” oronline web-based applications not provided through cloud storage engine200, referred to herein as “third-party cloud applications.”Communication processor 204 may allow access to contents of a file or tometadata associated with the file based on the type of the user-selectedapplication. As an illustrative example, communication processor 204 mayallow a cloud-capable native application or a first-party cloudapplication to access both a file and metadata associated with the file,but may transmit only a copy of a file to a user device 106 running acloud-incapable native application or to a server hosting a third-partycloud application. In some implementations, some third-party cloudapplications may be cloud-capable while others are not.

File database 206 may be a computer-readable and -writable mediumstoring at least one file associated with a cloud storage system 100,which may include text, images, audio files, video files, spreadsheets,presentation files, HTML files, or other suitable computer files. Filedatabase 206 may also store metadata associated with each file, whichmay include a MIME type type of the file. In certain implementations,file metadata may also include one or more users authorized to view oredit the file, the application used to generate the file, a defaultapplication for accessing the file, a record of when and by whom thefile was previously accessed or edited, or other suitable information.In some implementations, a portion of file database 206 may be accessedthrough a remote network, and may be a third-party database.

User database 208 may be a computer-readable and -writable mediumstoring information associated with at least one user of cloud storageengine 200. The information may include one or more of a username andpassword associated with a user, a list of the files associated witheach user, a list of at least one user device 106 associated with theuser, a list of cloud applications associated with the user, a list ofapplications available to a user, a list of each application the userhas authorized to access each file or file type represented in theuser's files, a default application the user has identified foraccessing a file type, user-specified preferences, or other suitableuser information.

Application database 210 may be a computer-readable and -writable mediumstoring information regarding applications associated with cloud storageengine 200. Application database 210 may include compiled or uncompiledcomputer instructions comprising an application, a link to access acloud application, a link to download a native application, an iconassociated with the application, a description of the application, orother suitable information regarding an application. First-party cloudapplications may be stored as computer instructions that may beperformed by a web browser run on a user device 106, which may bewritten in HTML, JavaScript, Asynchronous JavaScript and XML (Ajax), oranother suitable computer language. In certain implementations, afirst-party cloud application may be executed by cloud storage engine200 and one or more outputs from the first-party cloud application maybe transmitted to a user device 106. Application database 210 may storemetadata associated with an application, which may include file typesthe application is capable of opening, the varieties of user device 106on which the application may run, the users authorized to use theapplication, whether the application is cloud-capable, alternateversions of the application, or other suitable information. In certainimplementations, application database 210 may include metadata for anapplication not stored in application database 210.

Authentication processor 212 may be a computer processor which blocksunauthorized access of information associated with cloud storage engine200. Unauthorized access may be detected by comparing one or more of ausername and password combination, information identifying a user device106, geographic information associated with the user device 106, orother suitable information with information stored in user database 204.If a request generator is not successfully verified, authenticationprocessor 212 may transmit a message to the user or a systemadministrator, block user device 106, temporarily lock the user account,or take some other predetermined action. In certain implementations, ifa user device 106 has not previously been connected to cloud storageengine 200, authentication processor 212 may require the user to provideidentification information, which may include a username and passwordcombination, an identification number provided to the user by a voice ortext message sent to a telephone number previously provided by the user,or other predetermined identification information. In certainimplementations, authentication processor 212 may verify that anapplication may be allowed to access a file by searching file database206, user database 208, and application database 210 to determinewhether the application is associated with the user, whether theapplication is associated with the file type of the file, whether theuser has authorized the application to access the file or the file type,or other suitable verification information. In some suchimplementations, authentication processor 212 may verify a securitytoken provided by the application against information stored in one ormore of file database 206, user database 208, or application database210. If an application is not authorized to access a file,authentication processor 212 may prevent the application from accessingthe file, transmit a message to the user or a system administrator, ortake some other suitable action. In certain implementations, such amessage to the user may ask if the user wishes to authorize theapplication to access the file. In certain implementations,authentication processor 212 may establish a secure connection with userdevice 106 using a protocol such as the SSL or TLS protocols.

Cloud storage engine 200 receives transmissions from user device 106 atcommunication port 202 via network 104. Communication processor 204 mayidentify an account associated with a user upon the establishment of aconnection with a user device 106, and authentication processor 212 maycompare information provided by user device 106 with information storedin user database 208 to verify that the user has access to the account.Communication processor 204 may provide information regarding filesassociated with the account to user device 106, and may receive a usercommand to access a file associated with the account. Communicationprocessor 204 may respond to a file access command by identifying a filetype of the file and a list of applications available to access the filetype. The list may be generated by some combination of identifyingapplications stored in application database 210 and by determiningapplications installed on user device 106. The list may be provided tothe user by communication processor 204. When communication processor204 receives a request to provide file access to an application,authentication processor 212 may determine whether the application isauthorized to access the file from information stored in file database206 or user database 208. If the application is authorized to access thefile, communication processor 204 may identify the application type frominformation stored in application database 210 or from informationprovided by user device 106. The application may be given access tocontents of the file based on its application type. In certainimplementations, communication processor 204 may provide access to thecontents of a file to a native cloud-incapable application by copyingthe file to user device 106.

FIG. 3 depicts an exemplary screenshot of a UI 300 that may be UI 108 ofFIG. 1. UI 300 is displayed on a desktop or laptop personal computer,and presents a user with a list of applications capable of accessing afile. As depicted, the user has not requested to access the file using adefault application, and is therefore presented with a list 302 ofavailable applications. List 302 is generated by communication processor204, which may present the list to the user through UI 108. The user mayselect one of the programs 304A-F to access the file. In certainimplementations, the user may further indicate a new default applicationwith which to open the file or file type in the future. In someimplementations, the list may indicate an application type of one ormore of the applications.

FIG. 4 depicts an exemplary screenshot of a UI 400 that may be UI 108 ofFIG. 1. UI 400 is displayed on a mobile computing device, which mayinclude a smartphone or a tablet computer, and presents a user with alist of applications capable of accessing a file. As depicted, the userhas not requested to access the file using a default application, and istherefore presented with a list 402 of available applications. List 402is generated by communication processor 204. The user may select one ofthe programs 404A-B to access the file. In the depicted implementation,the user may further indicate a new default application with which toopen the file or file type in the future.

FIG. 5 is an illustrative flow chart of an application identificationprocess 500. Application identification process 500 identifies a userselection of an application to access a file. Referring to FIG. 2,application identification process 500 begins with step 501, in whichcommunication processor 204 receives a request to access a file. Theuser may generate the request through UI 108. In certainimplementations, step 501 may be preceded by user verification process600, described in detail in relation to FIG. 6. In step 502,communication processor 204 determines the file type of the requestedfile, in some implementations by examining the MIME type of the filelisted in file database 206.

Having identified the file type of the requested file, applicationidentification process 500 continues to step 503, which identifieswhether the user has selected to access the file with an availabledefault application. A default application may be an application a userhas selected for opening all files of a file type, for opening aparticular file, or for opening files of some other suitablecharacteristic, and may be identified by information stored in filedatabase 206, user database 208, or application database 210. In caseswhere application database 210 identifies a default application, step503 may be preceded by step 504, described below. A user may choosedefault applications by manually identifying an application used to opena particular file or file type, by establishing that the application theuser most recently used to access the file is the default application,by establishing that the application used to generate the file is thedefault application, or by other suitable methods for choosing a defaultapplication. In certain implementations, a default application maydepend on the user device 106 being used to access the file. As anillustrative example of such implementations, a user may choose a nativeimage display application as the default application for accessing apicture with a mobile device, but choose a first-party cloud imageediting application as the default application to access the samepicture with a laptop computer. As an alternative example, a user maydesignate an application as the default application for accessing afile, with the native version of the application the default on a userdevice 106 which has the application installed and the cloud applicationthe default on a user device 106 which does not have the applicationinstalled. If the user indicates that the file is to be accessed with adefault application, the default application may access the fileaccording to file access process 600, described in relation to FIG. 6;otherwise, application identification process 500 continues to step 504.

In step 504, communication processor 204 may generate a list of at leastone application available to the user and capable of opening theidentified file type. As described in relation to FIG. 2, communicationprocessor 204 may query user device 106 to identify available nativeapplications, may retrieve a list of available applications from userdatabase 208, or identify available applications through some othersuitable source. In certain implementations, if no application capableof opening the identified file type is available to the user,communication processor 204 may generate a message to the user declaringthat no application is available to open the file. In suchimplementations, the message may further suggest how the user may gainaccess to an application in application database 210 capable of openingthe file.

In step 505, communication processor 204 provides the list of availableapplications to the user, in certain implementations by sending acommand to user device 106 to display an application selection interfacesuch as UI 300 or 400, as depicted in FIGS. 3 and 4. In step 506,communication processor 204 receives a selection of an availableapplication with which to access the file. The user-selected applicationmay then access the file according to file access process 600.

FIG. 6 is an illustrative flow chart of a file access process 600. Fileaccess process 600 provides access to a file by a user-selectedapplication. Referring to FIG. 2, communication processor 204 receives arequest to provide file access to an application in step 601. In certainimplementations, the request may constitute the intent of a user toauthorize the application to access the file. In step 602,authentication processor 212 determines whether the request isauthorized, which may include confirming that the request was providedthrough a secure connection associated with the user, verifying a useridentity using the user verification process 700 described in relationto FIG. 7, or by some other suitable method. If the request isunauthorized, communication processor 204 takes remedial action in step603, which may include blocking the application from accessing the file,alerting the user or a system administrator, transmitting a message tothe user informing them how they may authorize the application to accessthe file, or some other appropriate action. If the request isauthorized, communication processor 204 identifies the type of theuser-selected application in step 604.

Having identified the application type, file access process 600continues to step 605, in which communication processor 204 determineswhether the application is cloud-capable. If so, in step 606authentication processor 212 determines whether the application isauthorized to access the file, as described in relation to FIG. 2. Incertain implementations, communication processor 204 may instruct a userdevice 106 or an element of network 104 to launch the application inorder for the application authorization to be verified. If theapplication is not authorized to access the file, file access process600 proceeds to step 603. If the cloud-capable application is authorizedto access the file, in step 607 communication processor 204 will providethe application with access to the file, which may include providing theapplication with file identification information and permitting theapplication to request or edit data associated with the fileidentification information. In certain implementations, communicationprocessor 204 may instruct a user device 106 or an element of network104 to launch the cloud-capable application before providing the fileidentification information.

If the application is not found to be cloud-capable in step 605,communication processor 204 copies the file to the user device 106 instep 608, and may instruct user device 106 to open the copied file withthe application in step 609. In certain implementations, authenticationprocessor 212 may confirm that user device 106 is authorized to storethe file or that the cloud-incapable application is authorized to accessthe file before copying the file to user device 106. In someimplementations, the file may be copied to an element of network 104,such as a server running a third-party cloud application, and theapplication may access the file copy on the element of network 104.

FIG. 7 is an illustrative flow chart of a user verification process 700.Referring to FIG. 2, user verification process 700 verifies that arequest generator is authorized to access a set of files associated withcloud storage engine 200. User verification process 700 begins with step701, in which communication processor 204 identifies a newly establishedconnection between cloud storage engine 200 and a user device 106. Instep 702, authentication processor 212 determines whether the userdevice 106 has been authorized to access data associated with a userlisted in user database 208, which may include comparing identifyinginformation provided by the user device 106 with information stored inuser database 208, such as a Media Access Control (MAC) addressassociated with the user device, a security token associated with theuser device, or other identifying information.

If step 702 confirms that the user device 106 is authorized,authentication processor 212 may allow the user device 106 to access theauthorizing user's data in step 703. In certain implementations,authentication processor 212 may examine other data before allowing theuser device 106 to access the authorizing user's data. In suchimplementations, authentication processor 212 may compare informationstored in user database 208 with Global Positioning System (GPS) datafrom the user device 106, IP routing data, or other data associated withthe user device 106, and may proceed to step 707 in the case of amismatch. As an illustrative example of such implementations, if a firstuser device 106 is accessing data associated with a user account, and asecond user device 106 in a different geographic location attempts toaccess data associated with the same user account, authenticationprocessor 214 may block the second user device 106 from accessing thecloud storage engine 200. In certain implementations, a first userdevice 106 may be authorized to access a different set of the sameuser's files as a second user device 106. As an illustrative example ofsuch an implementation, a user may authorize a mobile computing deviceto access files associated with the user but not sensitive financialfiles associated with the user's account.

If the user device 106 is not authorized, user verification process 700may proceed to step 704. In step 704, authentication processor 212 maytransmit a request for user identification information to the userdevice 106 via communication processor 204. Communication processor 204,upon receiving the user identification information in step 705, passesthe information to authentication processor 212 so that the useridentification information may be verified in step 706. Useridentification information may be compared against information stored inuser database 208, and may include a user ID and password combination, apersonal identification number (PIN), an automatically generatedidentification number provided to a phone number provided by the user,or other suitable identifying information. If the user identification isincorrect, authentication processor 212 may instruct communicationprocessor 204 to block access by the device in step 707, and maytemporarily block access to the account, alert the user or a systemsadministrator, or take other suitable action.

If the user identification is correct, step 708 may determine whetherthe user wants to authorize the user device 106, which may be determinedby identifying whether the user selected a “Remember this device” optionin providing identification information, by transmitting a prompt to theuser to select whether to permanently authorize the user device 106, orby some other suitable method. If not, the authentication processor 212provides the user device 106 with temporary access in step 709.Otherwise, in step 710 the authentication processor 212 provides theuser device 106 with access to cloud storage engine 200 and recordsinformation identifying the device in user database 208.

FIG. 8 is a block diagram of a computing device that can be used toimplement or support any of the components of the system of FIG. 1 or 2,and for performing any of the processes described herein. Cloud storageengine 200 may be implemented on one or more computing devices 800having suitable circuitry, and user device 106 may communicate withcloud storage device 102 through one or more computing devices 800having suitable circuitry. In certain aspects, a plurality of thecomponents of cloud storage system 100 may be included within onecomputing device 800. In certain implementations, a component and astorage device may be implemented across several computing devices 800.

The computing device 800 comprises at least one communications interfaceunit, an input/output controller 810, system memory, and one or moredata storage devices. This can support a network connection such as aconnection to network 104 in FIG. 1. The system memory includes at leastone random access memory (RAM 802) and at least one read-only memory(ROM 804). RAM 802 can support the file database 206 of FIG. 2, forexample. All of these elements are in communication with a centralprocessing unit (CPU 806) to facilitate the operation of the computingdevice 800. The computing device 800 may be configured in many differentways. For example, the computing device 800 may be a conventionalstandalone computer or alternatively, the functions of computing device800 may be distributed across multiple computer systems andarchitectures. In FIG. 8, the computing device 800 may be linked, vianetwork or local network, to other servers or systems.

The computing device 800 may be configured in a distributedarchitecture, wherein databases and processors are housed in separateunits or locations. Some units perform primary processing functions andcontain, at a minimum, a general controller or a processor and a systemmemory. In distributed architecture implementations, each of these unitsmay be attached via the communications interface unit 808 to acommunications hub or port (not shown) that serves as a primarycommunication link with other servers, client or user computers, andother related devices. The communications hub or port may have minimalprocessing capability itself, serving primarily as a communicationsrouter. A variety of communications protocols may be part of the system,including, but not limited to: Ethernet, SAP, SAS™, ATP, BLUETOOTH™,GSM, and TCP/IP.

The CPU 806 comprises a processor, such as one or more conventionalmicroprocessors and one or more supplementary co-processors such as mathco-processors for offloading workload from the CPU 806. The CPU 806 isin communication with the communications interface unit 808 and theinput/output controller 810, through which the CPU 806 communicates withother devices such as other servers, user terminals, or devices. Thecommunications interface unit 808 and the input/output controller 810may include multiple communication channels for simultaneouscommunication with, for example, other processors, servers, or clientterminals.

The CPU 806 is also in communication with the data storage device. Thedata storage device may comprise an appropriate combination of magnetic,optical, or semiconductor memory, and may include, for example, RAM 802,ROM 804, flash drive, an optical disc such as a compact disc, or a harddisk or drive. The CPU 806 and the data storage device each may be, forexample, located entirely within a single computer or other computingdevice; or connected to each other by a communication medium, such as aUSB port, serial port cable, a coaxial cable, an Ethernet cable, atelephone line, a radio frequency transceiver, or other similar wirelessor wired medium or combination of the foregoing. For example, the CPU806 may be connected to the data storage device via the communicationsinterface unit 808. The CPU 806 may be configured to perform one or moreparticular processing functions.

The data storage device may store, for example, (i) an operating system812 for the computing device 800; (ii) one or more applications 814(e.g., computer program code or a computer program product) adapted todirect the CPU 806 in accordance with the systems and methods describedhere, and particularly in accordance with the processes described indetail with regard to the CPU 806; or (iii) database(s) 816 adapted tostore information that may be utilized to store information required bythe program. The depicted database 816 can be any suitable databasesystem, and can be a local or distributed database system.

The operating system 812 and applications 814 may be stored, forexample, in a compressed, an uncompiled and an encrypted format, and mayinclude computer program code. The instructions of the program may beread into a main memory of the processor from a computer-readable mediumother than the data storage device, such as from the ROM 804 or from theRAM 802, or from a computer data signal embodied in a carrier wave, suchas that found within the well-known Web pages transferred among devicesconnected to the Internet. While execution of sequences of instructionsin the program causes the CPU 806 to perform the process steps describedherein, hard-wired circuitry may be used in place of, or in combinationwith, software instructions for implementation of the processes of thepresent disclosure. Thus, the systems and methods described are notlimited to any specific combination of hardware and software.

Suitable computer program code may be provided for performing one ormore functions in relation to a cloud storage system as describedherein. The program also may include program elements such as anoperating system 812, a database management system, and “device drivers”that allow the processor to interface with computer peripheral devices(e.g., a video display, a keyboard, a computer mouse, etc.) via theinput/output controller 810.

The term “computer-readable medium” as used herein refers to anynon-transitory medium that provides or participates in providinginstructions to the processor of the computing device 800 (or any otherprocessor of a device described herein) for execution. Such a medium maytake many forms, including but not limited to, non-volatile media andvolatile media. Non-volatile media include, for example, optical,magnetic, or opto-magnetic disks, or integrated circuit memory, such asflash memory. Volatile media include dynamic random access memory(DRAM), which typically constitutes the main memory. Common forms ofcomputer-readable media include, for example, a floppy disk, a flexibledisk, hard disk, magnetic tape, any other magnetic medium, a CD-ROM,DVD, any other optical medium, punch cards, paper tape, any otherphysical medium with patterns of holes, a RAM, a PROM, an EPROM orEEPROM (electronically erasable programmable read-only memory), aFLASH-EEPROM, any other memory chip or cartridge, or any othernon-transitory medium from which a computer can read.

Various forms of computer readable media may be involved in carrying oneor more sequences of one or more instructions to the CPU 806 (or anyother processor of a device described herein) for execution. Forexample, the instructions may initially be borne on a magnetic disk of aremote computer (not shown). The remote computer can load theinstructions into its dynamic memory and send the instructions over anEthernet connection, cable line, or even telephone line using a modem. Acommunications device local to a computing device 800 (e.g., a server)can receive the data on the respective communications line and place thedata on a system bus for the processor. The system bus carries the datato main memory, from which the processor retrieves and executes theinstructions. The instructions received by main memory may optionally bestored in memory either before or after execution by the processor. Inaddition, instructions may be received via a communication port aselectrical, electromagnetic, or optical signals, which are exemplaryforms of wireless communications or data streams that carry varioustypes of information.

Some implementations of the above described may be implemented by thepreparation of application-specific integrated circuits or byinterconnecting an appropriate network of conventional componentcircuits, as will be apparent to those skilled in the art. Those ofskill in the art would understand that information and signals may berepresented using any of a variety of different technologies andtechniques. For example, data, instructions, requests, information,signals, bits, symbols, and chips that may be referenced throughout theabove description may be represented by voltages, currents,electromagnetic waves, magnetic fields or particles, optical fields orparticles, or any combination thereof.

While various embodiments of the present disclosure have been shown anddescribed herein, it will be obvious to those skilled in the art thatsuch embodiments are provided by way of example only. Numerousvariations, changes, and substitutions will now occur to those skilledin the art without departing from the disclosure. For example, cloudstorage engine 200 may install a native version of a user-selectedapplication on a user device 106 if the application is not installed.Also, cloud storage engine 200 may respond to a command to run anapplication by running a native version of the application if installed,but run the cloud version of the same application otherwise. It shouldbe understood that various alternatives to the embodiments of thedisclosure described herein may be employed in practicing thedisclosure. Elements of an implementation of the systems and methodsdescribed herein may be independently implemented or combined with otherimplementations. It is intended that the following claims define thescope of the disclosure and that methods and structures within the scopeof these claims and their equivalents be covered thereby.

We claim:
 1. A method, comprising: receiving, from a user device, arequest to access file data stored on a cloud storage; determining thatat least one first application available to the user device is capableof accessing the requested file data without downloading content of therequested file data based on a first application type of the at leastone first application; in response to determining that the at least onefirst application is capable of accessing the requested file datawithout downloading content of the requested file data, providing accessinformation of the requested file data to the at least one firstapplication; determining that at least one second application availableto the user device is not capable of accessing the requested file datawithout downloading content of the requested file data based on a secondapplication type of the at least one second application; and in responseto determining that the at least one second application is not capableof accessing the requested file data without downloading content of therequested file data, downloading content of the requested file data fromthe cloud storage.
 2. The method of claim 1, further comprising:determining that the at least one first application is installed on theuser device sending the request, wherein providing access information tothe at least one first application is further based on the at least onefirst application being installed on the user device.
 3. The method ofclaim 1, further comprising: determining that the at least one firstapplication is a web-based application associated with the cloudstorage, wherein providing access information to the at least one firstapplication is further based on the at least one first application beingassociated with the cloud storage.
 4. The method of claim 1, furthercomprising: determining that the at least one second application is aweb-based application associated with the cloud storage, whereindownloading content of the requested file data is further based on theat least one second application being a web-based application notassociated with the cloud storage.
 5. The method of claim 1, whereindownloading content of the requested file data comprises downloadingcontent of the requested file data to a server associated with aweb-based application.
 6. The method of claim 1, further comprising:determining whether the at least one first application is installed onthe user device sending the request; in response to determining that theat least one first application is installed on the user device,providing access to metadata associated with the requested file data;and in response to determining that the at least one first applicationis not installed on the user device, denying access to metadataassociated with the requested file data.
 7. The method of claim 1,further comprising: determining whether the at least one firstapplication is a web-based application associated with the cloudstorage; in response to determining that the at least one firstapplication is associated with the cloud storage, providing access tometadata associated with the requested file data; and in response todetermining that the at least one first application is not associatedwith the cloud storage, denying access to metadata associated with therequested file data.
 8. The method of claim 1, further comprising:identifying that the request is received from a user; identifying theuser device from which the request is received among a plurality ofdevices associated with the user; and determining that the user devicehas a predetermined default application for accessing the requested filedata, wherein the access information of the requested file data isprovided to the predetermined default application.
 9. The method ofclaim 1, further comprising: determining whether the at least one firstapplication is available to a user sending the request; in response todetermining that the at least one first application is not available,providing, to the user, an option to gain access to the at least onefirst application; receiving, from the user, a selection of one of theat least one first application; and providing access to the selectedapplication if the selected application is one of the at least one firstapplications that is capable of accessing the requested file datawithout downloading content of the requested file data.
 10. The methodof claim 9, further comprising: querying the user device associated withthe user for list of applications associated with the user, whereindetermining whether the at least one first application is available tothe user is based on the query.
 11. The method of claim 9, whereindetermining whether the at least one first application is available tothe user is based on information in the cloud storage.
 12. The method ofclaim 1, wherein at least a portion of the cloud storage includes athird-party database.
 13. The method of claim 1, further comprising:identifying a type of the requested file data; and determining, based onthe identified type of the requested file data, that the at least onefirst application is capable of accessing the requested file data.
 14. Asystem, comprising: one or more processors configured to: receive, froma user device, a request to access file data stored on a cloud storage;determine that at least one first application available to the userdevice is capable of accessing the requested file data withoutdownloading content of the requested file data based on a firstapplication type of the at least one first application; in response todetermining that the at least one first application is capable ofaccessing the requested file data without downloading content of therequested file data, provide access information of the requested filedata to the at least one first application; determine that at least onesecond application available to the user device is not capable ofaccessing the requested file data without downloading content of therequested file data based on a second application type of the at leastone second application; and in response to determining that the at leastone second application available to the user device is not capable ofaccessing the requested file data without downloading content of therequested file data, download content of the requested file data fromthe cloud storage.
 15. The system of claim 14, wherein the one or moreprocessors are further configured to: determine whether the at least onefirst application is installed on the user device sending the request,wherein providing access information to the at least one firstapplication is further based on the at least one first application beinginstalled on the user device.
 16. The system of claim 14, wherein theone or more processors are further configured to: determine whether theat least one first application is a web-based application associatedwith the cloud storage, wherein providing access information to the atleast one first application is further based on the at least one firstapplication being associated with the cloud storage.
 17. The system ofclaim 14, wherein the one or more processors are further configured to:determine whether the at least one second application is a web-basedapplication associated with the cloud storage, wherein downloadingcontent of the requested file data is further based on the at least onesecond application being a web-based application not associated with thecloud storage.
 18. The system of claim 14, wherein the one or moreprocessors are further configured to: determine whether the at least onefirst application is installed on the user device sending the request;in response to determining that the at least one first application isinstalled on the user device, provide access to metadata associated withthe requested file data; and in response to determining that the atleast one first application is not installed on the user device, denyaccess to metadata associated with the requested file data.
 19. Thesystem of claim 14, wherein the one or more processors are furtherconfigured to: determine whether the at least one first application is aweb-based application associated with the cloud storage; in response todetermining that the at least one first application is associated withthe cloud storage, provide access to metadata associated with therequested file data; and in response to determining that the at leastone first application is not associated with the cloud storage, denyaccess to metadata associated with the requested file data.
 20. Thesystem of claim 14, wherein at least a portion of the cloud storageincludes a third-party database.